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(54. System guarantying integrity of 
a gambling ay it em 

(571 Daia and aj&scifttod validation in- 
formation stored in s nontenure loca- 
tion are verified as to integrity by 
cryptograph techniques. Verification 
activates a gambling system to operate 
in a oamWer-feeo^nslvo modo, and 
non-verification activates an alarm 
mode. The system is usod in postal 
metering, electronic mod, electronic 
lunefs transfer anddhtf frourco dala 



processing systems. The validation in- 
formation is formed by deriving a first 
value from the data according to a first 
relationship, and then deriving the vali- 
dation information Irom the first value 
by means of a nonpublic derivation 
having an inverse function. The valida- 
tion word is then associated with the 
dala and stored in the nonsecure por- 
tion. Verification is accomplished by 
deriving 130 a first value from the data 

(57) continued overleaf.. 



■SOo 



0)0 




*n*r>oM.si ve Mooe 



COMTawTa. OF NOM-aCPLEt> hcu A3 



0*a 



I 



^trt(,.y CeuKNIl BHS6DOUPU6UC FWCTIONF 



CDWipytt INTEGER mmt E(VJ) FROKI 
vAnCoTiorj iudidW 9»lEDou PjBut 
ri/wcfiou F= 



1CQ 

/ 



*-e t i-jiif/i to 



5TO 

/ 



OPtrnflLE rnoUE 




yes 

'rjfe&piTtJ VERIFIED 

ASriiEM io'i»WE*-l?tsPoNSivE 



Execute 

"OK 




£»ECuT£ CBkie CO 

PBO&RBm 
f Row ruo>4- MniED 



CD 

DO 

ro 
ro 



en 

CD 
CD 



This specification as filed includes a ccnpuic pro u .v- , t „„, h( ., e , tp(0duce(J . 



BEST AVAILABLE COPY 



2121563 




^2? 



ZJO 



Zo 0 „ 
/ ZZq 



7 



l 



ROM 



MISC. 



I 
I 
1 
.1 
I 
I 

I 
1 



230 

-J 



NONSECURE 
MEMORY 
DEVICE 



270 



TfNTERFACE\ 
,1 PORT 1 



2121553 




219 



0 

I* ' 

O m 

j q 

a "{ 

£a 

<l 
Si 

0 «. 

« ? 

irt * 

1 is 

IS 

2 0 

a ° 
o 6 
tf> 2 

PI 
? < 

* S 

2 M 

« 

I" tu 
IU Q 

°3 

o 

> of 

™ 3 



T 



c 




IL 




0 




v» 




2 




<t 








£ 




T 




<a 


(L 




£ 


Z 
0 


ti 




a. 


o 




2 


Ci 


3 
u. 


a 


S> 






y 


Q 




D 




a 


2 




i 




i 










7. 




O 




Wo. 




SgT -SyST EW TO7ESTMO0E PlawER MONJ- 



£30 



SET ASIDE LflSTN DUTES OP MEffloOU 
CO^JTSMTS OF NOhJ-SEALED Roaa PS 
VALIDATION WJORD UJL DEFINE 
Mcr/ioRM CDMTENTs =VectoRR. 



COMPuTe INT6C-ER VALUE, F (R) FOR REMAlMINCr 
wiEffiony conTC NTS BASED OM puBLit Function P 



I 



compute jnjtec-er value. eCw) fro r« 

VALIDATION Ulo«OW BASED Ow PUBLIC 
FUWCTIOM E 



$6o 



LA 



wo 



P Lfi y e R-N ON- R£ S Posj&I V E 
ALORr\n MODE 




yes 

IMTEG-RlTy VERIFIED 



■SET SysTEf"> T 0 PLAU££- (?£SPoWilVE 
OP£ IfAB LE IVIOBE 



EXE CUTE fiUARM 
CONTROL-PROfrRflM " 
FRO" SECURE SEALED 



EXECUTE C-AWiE COmTRol 
PRo&Rftm 

FROfA NOM- SEALED Bo JU. 








15 



20 




10 



15 



20 



25 



SPECIFICATION 

A system and method ior guaranteeing tho integrity of a gambling system 

5 This invention relates to secure systems, such as gambling apparatus, and more particularly to a system for 
guaranteeing the integrity of information content in the secure system, such as trie control program of 
gambling apparatus. 

It is often the ease in electronic gambling systems that a microprocessor electronics based gambling 
sysiem can be customized for different types of play by changing a memory device (such as an EPROM) or 
10 by changing the memory device contents (such as by remotely downloading data into a read-write memory 
iRAM or EPROM). However, it is currently tho practice of some state gambling commissions, such as New 
Jersey, U.S.A. la require s sea! be applied to oil circuitry on each circuit board (including the EPROM or RAMI 
as pan of the certification process. Thus, inventories must be maintained of the sealed boards for each of a " 
piuraiily oi irricl">ir,is, both in rr,a.'.;jfv*;u;iri{} output and >nsir,'s;r,;r,g a ieui>ir slucSc piie. This approach is 
both costly and inefficient, inasmuch as rrmny machines have a common nucleus and utilize the same circuit 
beard with a different control memory protjrom for eaLh of a plurality of games being selected by 
interchanging a memory device or its contents. 

Although this approach is costly and cumbersome, there has heretofore been no alternative technique 
provided to perform the important function of guaranteeing thnininnrity of the gambling machines. 

In accordance with one aspect of the present invention, a system Is provided wherein data and associated 
validation information stored in a nonsecure location are verified as to integrity by cryptographic techniques. 
Good integri'v verification activates the system id operate in a first mode, and bad integrity verification 
activates the system to operate in a second mode. In a preferred embodiment, the system is a gambling 
system, with a first mode corresponding to user responsive operation and the second mode corresponding 
25 to an alarm mode. Other systems whore tho present invention would be useful include postal metering, 
electronic maii, electronic funds transfer and other secure data processing systems. 

In accordance with another aspect ol the present invention, the system has an interface port for 
communicating wiih an external device, such ns a central control computer. Data and associated validation 
information are loaded into memory in tho nonsecure location, and the system verifies the integrity of the 
30 data and associated validation information os stored in ihc memory by cryptographic techniques operative!/ 30 
reeling :hc data to the associated validation wnriJ. The syEtem is activated to either 3 first or second 
operative mode responsive to a vesication result of good Or bod integrity, respectively. 

For example, a central computer could download information 10 oneor 3 plurality of remotely located 
systems which would e£C';, verify the integrity of Ihe information received and stored in its respective 
35 memory. Where the remotely locaiiu systems (rre gambling syncms. the downloaded information can be 
odds, conirc! programs, random iiijmr>i:r ■ ccds, tic. 

In accordance v,:ih one of the illusf itrlcd embodiments ollhe present invention, a gambling apparatus is 
(jisciusKu hsvirg 3 secure portion which is cutlifimi or. J sealed by the Gaming Commission, and having a 
. nonsecure pon : on. not sealeo by the Ginning Commission, the integrity of which is verified hy the secure 
portion. The secure portion of tut yamMing apparatus comprises a circuit board having a ii-ntral processor 
and a first memory. The nonsecure poihon of the gambling apparatus is comprise! of a second portion of 
the circuit board, or an independent circuit board, having a second memory such as a nonsecure ROM, 
EPROM, or read-write memory (RAM). Utilizing cryptographic techniques, Ihe integrity of the nonsecure 
portion of the system is verified by Ihc secure portion ol Ihe system. 

The gambling sysiem is operable in threo modes, and pov/crs up in a lest mode for verifying the integrity 
of Ihe gambling system. Wher,e a positive verification is mode that the nonsecure memory (e.g. ROM) has 
satisfactory integrity, the system is activate tl to an operable mode responsive to player user control inputs. 
Alternatively, where the results of the test mode is a negative verification showing the nonsecure memory 
does not have good integrity, and gambling system is forced to an inoperable mode nonresponsive to player 
50 user control inputs, and an alarm is activated. 

The nonsecure portion of the circuit board. Ihc integrity ol which is crypiographkslly detectable, has a first 
nonvolatile memory (such as a ROM, PROM. EPROM or E EPROM nonvolatile memory or a read-write (RAM) 
volatile memory) having a validation word stored therein, Ihe validation word being derived from ihe first 
memory contents according to a first relationship. The validation word is lormed by deriving 3 first value 
55 from the first memory's contents. The validation word is then derived from the first value by means of a 
nonpublic derivation having an inverse funclion. The volidalion word is then combined to form a pari of the 
contents of the first memory. 

The secure portion of the circuit board has ■: p.ocessor and a second nonvolatile memoi y mounted 
thereon. The integrity of the secure portion is overt and delectable, such as by physical seal. The secure 
60 portion ol the board includes means lor deriving a second value from the validalion word of the first memory 
meins of the inverse function. The secure portion also includes means for comparing the first and second 
values, and means tor verifying the integrity ol the second memory. The verification means activates Ihe 
gaming sysiem to the user reponsive play mode responsive to a comparison result of equality, or activates 
Ihe gaming system to the user nonresponsive (alarm; mode responsive to a comparison result of inequality. 
55 The relationship lor deriving the firsl value. Hit nonpublic ;r ; !.-it:or.ship, and the inverse, relalionshipof Ihe 55 



35 



dn 



45 



50 



55 



60 



. I UJJ* 



CS2 121 5C9 A 



10 



15 



20 



25 



non-public relationship, are such that '"l^rrclfitiny or cross deriving cr.a to another is very complex and an 
extremely difficult and time conmming task. In a pr efer/ed embodiment, tlje encryption lunction is secret 
and Ih-j inverse function is public. ' '- 

A better understanding of the invention may bo had from Ihe following detailed examples. Ihe detailed 
5 description being taken in conjunction with the accompanying drawings in which: 

Figure 1 is a perspective vie-// of 3 gaming system such as a video slot gambling machine, illustrating one 
apparatus which can utilize the present invention; 

Figure 2 is 3 top view showing ono embodiment of a circuit board as contained in »he gaming system of 
Figure 1 having a secure portion and a nonsecure portion; 
10 Figure Jisaflowchart illuMroting one embodiment of ihe encryption method utilized in accordance with 
one embodiment of the present invention; 

Figure 4 is a flow chart of ihe decryption lest method as utilized in accordance with one embodiment of the 
present invention; and 

Figure SA-Dare computer program listings lor one embodiment of the present inention. 
15 Referring now to Figure 1. a gaming system >b shown illustrative of one embodiment of the present 
inveniion. A housing 100 is provided which contains the necessary human player control interfaces as well 
as electronic circuitry and mcchaiticat circuitry. Human player control inputs are provided, such as push 
buttons 110 and control handle 120. A viewing area, 130 such as video screen is provided on thefrontof the 
cabinet housing 100 for player viewing ol the gaming machine response to player inputs. Coin shoots 140 
20 are provided for accepting pfayer con» and reluming bent coins. The number of credits which the player has 
as well as the active game ditplay are provided on ihe visual display means 130. For example, the gaming 
system of Figure 1 'an be a slot machine ftambling system having 3, 4. or any number of reels, or may 
alternative^ h» — -her typ. : vl warning or gambling system. Where applicable, a pay out shoot 145 may be 
provided for oulpulting coinj to winning players. 
25 The housing ,00 al 5U contain an s!„..r 0 nie circuit board 200, as shown in Figure 2, which provides the 
control and game electronic circuitry necessary to create Ihe desired gambling system in conjunction with 
ihe video display 130 and ute» ."i-c-rl&cc controls 1 1 0 and 120. Additionally, the housing 100 contains 
necessary power iuppiies. limit switches, elc. necessary to implemen: the remainder of the desired gaming 
system. 

30 Referring to Figure 2. the r.i rciJ i, bw,,U 200 as discussed with reference to Figure 1 is shown in block ,„ 
-ragram form. The circuit bo^rfl too rn 0y be comprised of a single circuit board or of a plurality of circuit 
boards with appropr.ale int',-rf.onn»ciions provided. The circuit board 200 is comprised of two functionally 
separate umts. a sealed secured portion 2 10 and a nonsealed. nonsecure circuit portion 250. The sealed 
PROM n,Tp£nZr 2 l°- • * i ""- ,r;,,td - con,ains » microprocessor 22 0, a read only memory (such as a ROM. 
KBOM or EPROM). and miscTllanrrous electronic and electromechanical circuitry 240. The sealed portion of 

would earn^ Al ' ec " es 7' 6 « h * °< «he gaming system in a physical sealing manner which 35 

wouid comply w,tn a particular Slaio Gaming Commission's requirements 
The ..onseaied portion of :»,e tinu.t fcoarn. 250. contains an interconnection socket 260 for a memoir 

?..d », 3 A »;r,° M ' Pn ° M - ° r 6Pn0M, • Wbcn ,he soek « 260 » rovld « interconnection for a 

Z ,ZT ' m0rV - ^ °' £f,R ° M ' ' he 1,0,3 COnten,s of ,he '«*»»»• memory ran be downloaded into M 

ead wme m^r 0 ; 7 - °' V^T- ' ' M pt ° 9 '° m be ""w^loaded from a remote site into the 4 ° 
read-wnte memory of a local n.iroM.ng system via an interface port 270 (Figure 2) of the local gambling 

^^^T htaMe ''■ P,,y, ' , ■ n, V<fri,itd " y lhe SBCUre p0n ' on oi ,he circuit board in accordance with 
» r cn "°' 1 ' Mu,,i » ,e B^ bli "3 systems can be configured to meet crowd 

can a Z £IZZ V , T £ <" , "0 , P' 0 """™ Either locally or remotely for each system. The systems « 

cir«tbV«d?nTh V f, ,n0 r f . a ' ive W « town '«*"B appropriate controt programs. This portion of the 5 
chZlt i « - . t phys Tl y iM - * nti th ' JS ,hB memor y inserlEd iMo ROM socket 260 can easily be 
aS mSmV„ an9 . ed ' ^ '* ""'"^ "° m ,he view poin > of ™i"i«i ng W par« stock piling 

^x7Zv Jx^Z^. T C T!"' :° ve . n,ion - cryptographic techniques are utilized to verify the so 

miegriiyot the nonsecure portion of the circuit he,strt -ten „;„ ~- < . '. 5 " 
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60 inS'S^^SS^Sr,^ "T'^r"^ 3 —re memory for insertion «, 

Proceeding a, step ^ZSwlT i e J > l ^ tM ' , ' ,,0WCh3rt f ° f m ' The at Step 300. 

reserved from the remaintnu A „,/ n ""Secure memory are designated as a validation word W and 

program wh ich has SEKSJS X T^tlZ'"*'* ^ * " ,! " VeC,t " R A 

S5 contents of the nonsealed an„ ii^ &^S^^^^^ » 



•:t..rc memory (the vector R>. The validation word W is as yet undefined. 
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Clemen, of R. F need not be oneto on. hlX? M h" ' nte f' * h °»™9"*««e is comparable ,o that of one 

■al.remes add,™ «ien.,.|..s io 1. . . °> lot lunds transit,. The 

access lo t. Secondly crvc.n.u..nh;.- .1- 1 e ' 0 .' eiise,ess,< > "wewho aie ooimeeni lo have 
tampered wHh. of c*^tt£^£™SZ?'™' ,h « •"-»■* «* "~e "<* bee., 

step .00. The process proe^ito «;X I *e<^ '"T^ « 

non.esponsive to players control inputs. The comenu ol ^ h^nLM^ !. mode Wherem ,hE s * slenl * 

by lhe secure se31ed port r on of .^^sk ; b 5. KiK^s:?^ board t. 

35 memory contents as .he vacation wo , d w and defin.nq t eZ iZ ? ^ nonsealed 

vector R whose e.ements Br . , he MuM ^ nonse"^ """^ CO " :en,S " 3 35 

Proceed.ng, as M...s:raied ai step 430. the integer v»..» «pi is comouted for »h B „ ' 

,0 function E is the inverse of the Z^ ^S^m J^S^ * ' eC3l,ed ' ha ' ,he 

nonsealed memory have no, been tampered w,",? E,0(FiR) " " F ' R ' °"'v when thecontents ol the 40 

v^ied ."and theY^sysf £! ^^^T^^St ^ 

memory is executed bv the »,~«„» " ft 1 1 ° pro 9 ram contained in the nonsealed 

r ra e*ecuiea Dyine processor in the sealed port on of the circuit hnarrt oin .u,. - 
operation proceeds under suoprviiinn^riKe., , V u "° ,,ne Clr cuit Board, 210. and Ihegamtng system 

step 470. At this poTnuh J mTeK is £ ab ed and'th ? ^ ^ 5eCure ^ » 0M i,,us,ra ' ed « 
55 tainted nonsealed merW d^v ™ • d '" b ' e ^ and ,he opera,or » informed of the error condition. The 

55 between ^^ZlZ^l^T^ ? * S ° Cke ' 3 " d ,he ° pe ' 3 '° r cht >°« » 

rs placed in the ROM socket 460 the d i 0 r , ™Ar-H , ' °' ed 31 bloelt 50a Whe,e a "ew.ntegrated circuit 

ir. either even,, the tainted Z' ! cto'^ ld h J ,eP " tS S ' arti " 9 33ain 31 S,C P«0«^ Power up. 

*JZ£5££Z£££ m'SS? °' '"r i,,U5 " a,ed embodi — ^ ih. ROM 230 in the sea.ed 60 
ponion of the c»r™i boa d 25 o IS 8 ,^" ,raI,on ."'°9 r3m '° -onitor the security of the nonsealed 
Plublfcly ava .able tuS S!k?h f * " 9 f '° " oflsealed 260. The function F is a 

£5 nonsealed memo' ZT^TJZ ^l*™ 11 '' F « R ' P'"*** a P^.ic.y available signature of the 
65 emory contents i, ss )he vs , irJat , on check WQrd w wh;|e (hs encryp , ion (o fl 



available 10 provide lor a publicly available tneiyp'ion key check word E(W). By computing the validation 
check word W using a secret decryption key, luntlion D, which is the inverse of the public encryption 
function E, the integrity of the entire contents of ihe nonsaalcd memory (both the validation word W and the 
remaining contents) can be protected ond dateciod in accordance with the present invention's teachings. 

An example maybe illustrative. Presume the non sealed mbmory to be protected is an EPROM having a 
capacity of 2048 bytes. The last 8 bytes oro SOt aside as the validation word W, and the remainder is 
paniiioned into 408 five byte words IDo, D, ... 0*,,), Define 408 nwnecified integers (P,, P 7 , ... P«j) and an 
additional prespecified integer P*^. Additionally, o large composite integer XNBase H prespecified. F(R) and 
EIW) can then be computed as follows: 
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RR) =1 W i pi {moduloXNBftse|. 
i = o 



E(W| « W p " 3 (modulo XNBase). 
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The vahdat.on check procedure can be modilifid slightly such that if f (R) plus E(W) (modulo XNBase) equal 
20 to 0 then the mtegrity of the EPROM is questioned and the system goes lo the alarm mode. This example in ,„ 
us modi.ied format has been implemented with o BASIC language program ind has been successfully tested 
on an EPRCMfrom an electronic slot machine. Tho BASIC language program and EPROM object code 
hndump In |>n» :- -.== .. sS r 2!e d F'jjyes &n.n. Whii? BASIC, langnag, was utilized in the illustrated program 
ot Figure 5, any computer programmed longutjfjo could bo utilized with an appropriate system. In the 
25 Ulustr?ted system of Figure- 1 ; S, all arithmetic operations were exact modulo (XNBase). double precision 
numbers exact to 16 digits. However, other cryptographic mathematical techniques could be utilized equally 
we!!, and implemented in accordance w i, (l mQ things of the present invention 

It w.ll be unde,s:ood by those sfcilr-rl in tho (trl that other fur.ciional and operative relationships between 
the data and vahdat.on .nforma.ion can bo used consistent with the teachings of the present invention 
30 Furthermore, m penormmg the ver,licr,tion function/operative relationships in addition to or instead of 

comparison can be used consistent with tho teachings of the present invention 0 

ihe^lLVritv „f h ,r 6 b T f * SCribetJ ^° V0 V,,,i °" 5 < fmb ™' im <"«» «>' astern and methods for guaranteeing 
™« ! ° . C ° v. Pr03r3m °' ° onmb,!n 0 '" achi ™ ^ving sealed and nonsealed portions, for the 
ttoZl l- 8 r" ""I"*' V ' hiCh ,h ° WBn,ion m °V be ««* «° advantage, it win be app eciated 
35 2h n^?™ " Mr " m,led thert, °- Ac ^'^i>W. any modification, variation, or equivalent arrangement « 
w„h,n the scope of the accompanying c l f .im S uwd be considered to be within the scope of the invention 35 
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40 integrt «mS£„gf eC,iVB,V ° Pe ' &,!n ° * °° U & ' ° p,U '° V ' lY °' mod " ^ S We to a determined system „„ 

.b! a "^uTnZT'T,? hnvin!J ^ and v » >ia *™ information in a portion therein, 

id; a secure portion of the system comprised ol- 

II) means for deriving a fi, s , V3 , oc „ om , he (j 51 „ tt0f()ing , oa firs , re | aliorisnip . 
5 relationshTI * ° ^ valida,i °" '"formation by means of a second 

S ZZl 1°' ° P ? r3t ! Ve,y rel3,ir, t' said '»« »«» «cond values to determine system integrity. 
cJlZ^Z 9 '° n •»»«l«f operational mode responsive to said LL for 

--Sy^^ 
data ^^^^SSSSt^^ ,h °' derived from said 

55 t SsSasIn^ 55 

■ opera ^^^^^^^ ? aC ' iV£ " in9 Wn ^ ^ * 3 <"* 

60 operationa. mode toT^Tj^^^T' ^ ^ ^ ,0 3 SeCOnd 

^dere'VoS^TdSelmin^ * ^ M '' d is ■ «>™*h»I 6 ° 



! 2 ThtllvlZ 11 r! aim f °'. S Vyhe ' C,n S " :d ' irS *' Second » ntf <"" d 'efclionships are one way functions 

JlT T"™ ? - in ^'. a!m 1 ' Urther cha '«'«'»"d as a gaming system. 5 
' system . * S,emaSm ° 3,ms1 ° r 2 or3o ' 4of5 °' ^or7 orflor ,2 f urt herch ar5 c,er ired a S a gam^ 
15. Thesystem3sinClaim10f ut1hefcharae , efi „ d3S8 m . 

10 S. The system as in Ctaimllfunher charactered as a eaming system' 

7. The system as m Claim 9 further charactered as a gaming system. 10 

• \t tS system as in Claim , 1 3 !d n ° ram ' ° Pera,bn m ° de iS 3 P'-ver-responsive mode. 

2tt A system Ts" Oa nT^TZ cha / oc,er '" d ' n ,hat said portion is physical sealed. 

22. The system asin Claim 1 or 13 funher comprising- 

mterface means for communicating with a device ewemal to the system 

20 n,ZT " 9 *' """^ POrt ''° n ' ec . eh * d «™unica,ions'responsive to the interface 20 

daS an, iSESSST ^ "* « characterized as said 

24. The system as in Claim 22 funher comprising- 

to said nonZZ r P oatoJ ^ , " U,,p0 " h,n °' ,he s * s "™ is remp,e.y .ocated relative 

30 values. executes .nslruct.ons from sa.d secure memory toderive said first and second 

27. The system as in Claim 8 further characterized in that said r.^tr*^ , 30 
and said second mode is a piayer nonrespon jve mode ^ '* " P ' 3Ve ' ' es P° ns ' v * ™ d *- 

35 fa) ?conU*£ Z SU r 9 B ,n,e . 9 ' i,y °' 3 remo,e! V '«»!«> down.oaded memory comprising- 
Irl LT te T' remole,v ! oca,ed re '°» v * "> controller, including a memory 

■ocid™^^ 

40 td) verification means comprised of: 

system imegerify, and B SeCOnd Va '° CS fof P' ovitJi "» an output indicative of 

comrollel. ^ Whe ' Cfn S3id -»« * -motely located relative to said 

50 S sy^em 2 in SS S IT"" I- 0 ™ 6 * ,0 " ,ed S * S "™ is a "stem. 50 

functions. m J ° Wfte,e ' n SB ' d ^ ' S, ■ »»"d and inverse r C r al i 0 nships are one- way mapping 

no"ma.Ip"a V b;e e moae n re C lpo n ns° etf" '? ^r^ '* ' Urthef « ""baling said system to a 

5S ^moderesSV^ 

process^ 22 " * ^ 30 whefCi "^ fd 'Cmo.e.y located system is further comprised of data 

63 is a 3 gam T i„ e g sysTer 5 °** 36,U ' !hCr "*« a < *«' « -W — te.y located systems 6 n 

«^c^ 
39. A gaming system comSj: 6 '«*«"^™*'v located system. 

65 fa) a circuit board; 

65 
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lb) •-. nonsecure portion of the circuit board, the integrity of which is cryptographically delectable, having 
a memory having data and volirJation information stored therein, wherein the validation information is 
derived from the data information according to a public first relatic-iship and a secret second relationship 
having a public inverse relationchip; _iBlfBk 
5 (cJ a secure portion of Iho circuit board having processing electronic JB Bhereon. the integrity of 
the secure portion being detectable. H 
wherein said secure portion of Iho circuit board is further comr"i«:i»rl nf/^^^^ 
(1 } means for deriving ofirsi value from the data omfpr. atopm according to .he public first 
relationship, 

10 12) means for deriving o second value from said validation word by means of said public inverse 
relationship, 

(3) means for operating on t aid first and second values to provide an integrity signal, 

(i) means for activating said system to a first mode responsive to a first integrity signal indicative of 

good system integrity, and 
15 (51 means for activating said system to a second mode responsive to a second integrity signal 

indicative of bad system iniogrity. 

40. The system as in Claim 39 wherein said secure ponton is further comprised of a processor and a 
second memory. r 

41. The system as ir» Claim 39 wherein said first, second and inverse second relationships are one-wav 
20 functions. * 

42. A system as in Claim 39: s 
said£« ' el3t ' nnth '' a haS ,he chafa clerislic that changing the contents of said memory changes 

43. The system of Claim 39: 

25 wherein said second r elMior,.-.!,,^ is a one-way trap-door function. 

44. A gaming system computing: . 2 
la) a cabinet having a diep'ay area and a user control; 

{bl a circuit board mounted within the cabinet; 

™ a ™LtZTJ C »Z P ? ni ° n t 0f , ,h 1 ' ,C;rCUi ' b ° ar<1 '. ,he !nIe S ri| y of which * cryptographically detectable, having 

30 a memory havmg data and valid a Hon information stored therein, wherein the validation infcmalion s , n 

der.ved. hy means of a icconr relationship having an inverse relationship, from a first value derived from 

and changing accord.ng to a first relationship responsive to the data contents- 
(d a secure portion of the circuit board having verifiably good integrity comprising- 

35 r e. aI io^ 

reJonshTp""* *" ^ "° m va,ids,fon formation by means of said inverse 3S 

13] means for providin,, an integrity output responsive to opening on said second and third values 

4» S Zl"? ^ SVS ' Cm '° 3 m ° de responsive «» ' ,ifs < '"teflrity output and ' 

4 C *r \y SVS ' Cm '° 3 SeCOnd mode r «P°"^e to a second integrity output 
andsaiSn^ 

anu said second integrity output is indicative of bad system integrity 

looser IXSS Wn S3id " m ° de ^ ^ « --ting said system 

45 ataYm.*"* SVS,em *? C ! aim * °' ? ™* second ™ de is ,u ' th * f characterized as aaivating an 4S 

l%^Z n ^ VS - em y nbl * * P ' aVCf res °° n5iv * ™<** ^d an alarm mode, comprising- 
a ,.rsi memory having data and validation information contents therein wherein said va dation 

so 't~rr;r^ 

. means for validating me int-igrity of Ihe first memory comprising- 50 

firraScondSS ! ' &0t, " aUl11 ' SVS,e "' in ' e9f l,V reS °" 0U,P0, reSP ° nsive «° operatives relating said 55 

i„SS diVa% ''^ ° aminfl S¥S ' em *° S3!d 3 ' af " m ° de reS P°" sive 10 3 — 1 of faoity system 

60 goTdSm^eS ti,!d f,fimi ° g SVS,tm ,0 ^—POnsive mode responsive to a result output of 60 
49. The system as in Claim 4S- 

^^!^ Ct,thiP ' hC Cha " C,er ,hal "contents of <rtl first memory 

65 50- A 9amingsystemasinCl£ilm48or49: 



40 



wherein said validation information is derived from said first value 
function^* Sy5,Cm " " C ' aim 48 Wh6rein Sa!d ' irS '' ^ "* -r.-ionships are one-w, v 

52 A system for insuring the integrity of information loaded into the system comorisinrv 
S la) a memory having initially ondeHned contents- system, composing. 

!c| means forver.fymg the Integrity of the loaded contentscomprisina- econo,e,a,,onsh 'P- 
,„ .he me'moT nS de ' M " 9 ' ^ Min ° * * ' e, ^.p responsive to ,he data content, of 

of^daXS^ 
15 W) means lor controlling the operable status of the system further comprising 

output'. anT™ 3C,fVa ' in9 Saidsvs,em 10 8 ™™> «—*- mode response to the good integrity ' 5 

B^hT^stV^ 
20 wherein said system is a gaming system. 

54. The system as in Claim 53 further comprising: 20 
an interface port for communicating with an external device- 

sa^e^VnXvicV * M " ^ ^ m ™«V "i.h *. communications received from 

56. The system as in Claim 52 or 53 having user responsive input means wherein said nn, m »i 
operational mode is further characterized as being responsive to said u*e ^sVonril. , 
30 57. A method of controlling the operable mode olasvslsm Lrino amnmn t ^Put means. 

information contents, comprising the steps of: 9 Cm °' y W " h da ' 3 3nd "'^to" 30 

deriving a first value from the data contents according to a first relationship 
denying a second value from the validalion information according to a second relationship 

M ¥ta™fh r-f SC ° PefatiVe m ° de r «P°"*ve to the delerminefl L integrity 

58. The method as .n Claim 5? further characterized in that said system is a oamir» «»m 35 

ou. i ne method as in Claim 59 further comprising the steps of- 

makingihe first andsecond relationships public- 
45 maintaining the inverse to the second relationship in secrecy 

62. The method as in Claim 57 or 58 further comprising the steps of : 45 

50 JS^SS^i C ' aim 62 WhefBin ^ Var ' d * i0n inr ° fma,i0n is d " ived •>« — «™ value, further 

de;ivf n ratst d vle7rom 9 K T™"* da « 3 comprising the Steps of: 

55 conSo^ 

reS;r n Va,UC ^ ^ * 3 — d h -ing an inverse 

storing and valida;:-- ;„ =£ r d memory eonlents 

65 P'ov,d,n 9 a first activation siona. response to said integrity output indicotinn good system integriiy and 65 






providing a second activation 5>gnul ttsppusive io said integrity output indicating bad system initrgrity. 
"S6. The method ol C'a»m 64 or $5 wherein said first relationship and inverse second relationship are 

public and said second relationship is ;.c.-crct. 

68. In a system, having a straind sccwc circuit portion comprising _ processor and a first memory, said 
5 system also having an insecure circuit portion comprising a second memory, a method of insuring the 
integrity of the insecure portion of the system comprising the steps of: 

deriving a first value from the tJoifi content oi the second memory by a first relationship wherein changing 
the contents of the second memory chunges the first value; 

deriving a validation value from suit) first value by a second relationship having an inverse relationship 
and 

storing said validation value. it :> prcrttlined location in said second memory. 

62. The method as in Claim 68 Imtlitr comprising the steps of: i 
la) verifying the integrity of the :.ncimd memory by means of said secure portion, further comprising the 
steps of: 

O) deriving a third value from the contents of the second memory by said first relationship; 
1?! deriving a fourth value from r.uid validation value by said inverse relationship; and 
(31 operativeiy relating the thin! value to the fourth value and providing a relational output; and 
(bl controlling the operable stilus of the System further comprising the steps of: 
til activating said gamin;) •.yr.it-in lo a normal-responsive mode responsive to said relational output 
70 indicating good system integrity, ami 

12) activating the system to .in .il.inn mode responsive to said relational output indicating bad system 
irsiegnty. 

70. The metho. : if Haim 6B n- <V> 1 r- rh a r^, ef i?e d in that saiV first and inverse second relationships 

arepubncar.u .^ . . ^OOnC* rclotion:.tiip is secret. 

71. The method of Claim 70 lur tlu-r rhoracteriied In that said second memory is nonvolatile. 

72. The method of Cl3im CB i>r l,n ther characterized in that system is a gaming system. 

73. The method of Claim 60 Imtl.r.r nhnracterized in that said normal-responsive mode is a player 
responsive mode, and said b\;nm mode is o player nonresponsive mode. 

7~. A method ol Claim 7 J whi.-rf.-iit s:i„l step of operativeiy relating further comprises the steps of: 



10 



15 



75 



; an indication of good 



valSation wold? inS,fO£,i0nS "" : r ™ u,c r ' ,emc "Y 50 •» «° a second value representative of the 

jc! ooeraiivety relating il,.- f.rM .-,n,f second values ,o provide an indication of system integrity 
< 5 .U^ZTsVS^! : ' V: '" :m " P ' aVCr n0n ' eSPOnsive a — ™ de <• - '«toUon 

tel activating sei'd gaming : . Y u.:,n to said player-responsive mode responsive to i 
system integrity, 

77. Th.e method as in Claim K, further comprising the steps of- 

„ J^^T'^l^ mt, ' mr - 01 ° ' UnCli0 ' 1 Which CXhibi1s ,h * characteristic that changing any of the 
SO co "'ents olthe nonsecure memory cholines the first value. 

78. The method as in Claim 77: 

dSH^SS^^T^ "■? am »> ■"»" »» "n, v,i™. M„ complins, the .I.e. of: 

70. The method as in Cla.m y 6 wl, (: „ : in said first value is derived by 
operativeiy relating said data tr> f,,,, functional mapping; and 

^'Z^^^S^™ Vi " il,: " i0n inf0rm5,, ° n U 0P5faSiVe,V re ' 0ted E ° Sa ' d * M 
wherein said second value i-, <J. j, v i ,| t jy 

60 ^t^S^r-^ '--oaninverseofsaidsecondfunctiona. 
rn« ThemeIhod of C,a ' m 67 »•' ! ' H ™ '""her comprising the steps of- 

Tl"ll™^ou : ' !;S0Cia,ed vrtWwto " 'formation in said memory. 

° d ' 0r con,ro,1 '"f' H»:r U hve mode of a system, having local and .emote devices 



55 



10 



15 



20 



30 comparing ,he magmtude ,>| s,.-,!,; |„ s , ario sec0 nd values, and indicating said good system integrity by a 
_rei?i.onal. K urt of equality, ami inrlica.im, said bad system integrity by a relational result of inequality. 

/5. r.-,et.,pd of Claim 7 1 further characterized in that said first, second and inverse second 
relationships are one-way martpmri functions. 
76. m a gaming system, hav.r.j, a nl.-.ycr responsive mode and a player nonresponsive alarm mode, said 
35 hlh lr ,7- . PnS ,' n9 ! n T: C ' n ' :rn,U ¥ havi " 9 da,a and vacation information, said validation information 
* ' d '° * " 0,: '- Mid SvlEm 3,so havi "9 a secure memory, a method for selectively 
act,vai,r, y ths system to a picilni-sr m.n,:«i mode responsive to validating the integrity of the nonsecure 
memory, comprising the steps ol: 

J™ ?* e ??° 9 insl,uetions l,r " T, ,h,: !; «'»« memory so as to derive a first value representative of the 
i 0 contents of tne nonsecure mtmnry; 
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Fi 



15 



20 



responsive to determined integr,,, „f t on,n„ m :; alc d information comprisino the steps 

va'sis 

communicating said data and ■,,.,rJr.rion infp.mation from the remote device to the local device 

.ESS rSnr^" 0 ^ 0 " ^ " " ,OC3 ' " "» ! — - « - second 
, 0 va'ueT 0 "" 9 ° Pera,iVC m ° de * ,h '' SVS,t m f eSP ° ns!ve ,0 re»a.mg said firs, and second 

83. The method as in Claim 81 further comprising the Steps pf- 
rJS^SSSTol? C,£itn 61 " h ' : ' tin ^ V0 ' ida,iOn inf — i0 " * "™ -** »•« value, further 

descr^;^:^ 

in 7"*°' ? •r«' m 3 — V with data and validation 

93. A method to, weaK™ m. ^scnbe-d w.th reference to the accompanying drawings, 

described wi,5"e£ence lo ,^ I^^SS? ^ ™ SUb " 3 "' ia " y » 

refaidfoTawSuL^K 9 "'"'""^ * mcm0, ' v * Bvi "9 d8,a «"""« ^dvalida.on value content 
?i^f^^• B ?ir I iJ; , ' 1, r - , " :0m ' - ,0 ' ! ° nshi ^ «*»«"--* as herein described whence 

sy!.em a^oTaS J„ i^sec T'" ^ 1 ™< y ™ composing a processor and a first memory, said - 

imeS -2 th eTX. , ™ T r ' , "" 0n com P' isi "g a memory, a method of during the " 

< 5 accompanying Z^**" " °' ^ « >>°™ Ascribed with f eference to the 

sy!L comSno ^T^JT^ "'"T " SPt,nSiVe ^ S " d 3 P,aV * f "°"«pon S ive alarm mode, said 

activating the system to a orld, . , 9V ' n3 3 SECure memor Y. 3 ™< h °° 'or selectively 

50 "emory,^,*^ 

retort; ^oTe ^cc^S3TO2^ Mn,e " e,, ' ,n,OM " » "erein described with 
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